Unlocking the key card myth

For some time now there's been a story floating round - mainly on the internet - about the risk of having your personal details and credit card information stolen via the magnetic key cards they use in most hotels these days.

An anxious reader recently sent in an email just received which urged anyone staying in a hotel not to hand the room card back to reception but to cut it up and destroy it.

According to the email the key cards carry not only your room number and check-in and check-out dates but also:

* Customer name
* Partial home address
* Credit card number and expiry date

"When you turn them in to the front desk," it warned, "your personal information is there for any employee to access.

"Hotels do not erase the information on these cards until they are re-issued to another guest... at which time the information is electronically overwritten."

In the meantime any hotel staff employee could get your credit card information by simply scanning your room card in the hotel scanner, or by taking a handful of cards home and using a scanning device and a PC, "and go shopping at your expense."

To prevent this happening, hotel patrons are urged: "Keep the cards, take them home with you, or destroy them. Never leave them behind in the room and never turn them into the front desk when you check out of the hotel."

Scary stuff ... if it's true ... which, happily, it's not.

Most hotels have heard of this urban myth and all flatly deny that there is any truth to it.

Accor Hotels director of sales and marketing for New Zealand and the South Pacific, John Farrell, said: "We can assure our guests that this is incorrect and our IT department checked it thoroughly when this email circulated a year ago.

"There is no reason for us to store this information on a key card. The card stores the check out date and room number information, which allows the key card to become inoperative when it is no longer valid.

"The rest of the data related to guests is stored in the hotel Property Management System, located at reception, where it is secure."

Ah, I hear you respond, but they would say that, wouldn't they. The email claims the information about the key cards came from the police. Who do you believe?

Well, just to set your minds at rest, there's a very thorough investigation of this story on snopes.com, a website dedicated to following up urban myths, and it concluded there was no truth to the key card story.

The snopes team found the whole business originated five years ago when a detective at the Pasadena Police Department misunderstood comments at a briefing and issued a warning which flashed around the world. It created such a fuss that the department conducted an investigation and issued a retraction stating that "with today's new technology it appears that no hotels engage in the practice of storing personal information on key cards".

More recently Computerworld magazine also investigated the story, by collecting more than 100 hotel key cards and trying to get information off them, initially with a standard cardreader, then using sophisticated electronic equipment at the MagTek laboratory. The magazine's report concluded, "Neither MagTek nor Computerworld found any personally identifiable information on them."

So there you go. Cut up your hotel card keys if it makes you feel better. Personally I won't be bothering.

- Jim Eagles

Pictured above: Key cards aren't quite the security threat they've been rumoured to be. Photo / AP